Download PDF
Home

1. Introduction to RBFS IS-IS

The RtBrick Full Stack (RBFS) is a distributed, web-scale network operating system based on micro-service architecture and packaged in a Linux container currently based on Ubuntu 18.04. The RBFS decreases the complexity of a network by providing users with capabilities such as composability, programmability, and elasticity in a visionary way.

The RBFS operating system operates on the leaf and spine framework. This framework provides the network operators with methods to configure and manage a network brick by brick, and provides full control of the network so the focus can be on the deployment of the new services and not the constant juggling of hardware. The Intermediate System-to-Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses link-state information to make routing decisions.

1.1. IS-IS CLI Overview

This guide provides the various IS-IS configuration and show CLI commands for RBFS. It shows you how to configure IS-IS using the confd daemon, view the command hierarchy, and make configuration changes.

1.2. RBFS IS-IS Instance Hierarchy

The RBFS uses a distinct hierarchy for the IS-IS statements and commands. When installed, the RBFS runs a default instance named “default.”

You can apply IS-IS configuration statements and commands at the instance, address family, or protocol IS-IS hierarchy level.

The figure below shows the IS-IS command hierarchy:

IS-IS Instance hierarchy

The table below shows the IS-IS configuration modes and CLI prompts:

Configuration Mode Prompt

Root

root@confd:/>

Instance

root@confd:/isis>

Interface

root@confd:/isis/interface>

Interface level [level-1 | level-2]

root@confd:/isis/twc-0/0/1/1/1/level-1>
root@confd:/isis/twc-0/0/1/1/1/level-2>

Address Family [ipv4 | ipv6]

root@confd:/isis/ipv4-unicast>
root@confd:/isis/ipv6-unicast>

Redistribute

root@confd:/isis/ipv4-unicast/redistribute>

1.2.1. Modes and Commands

All edit and set operations are performed through the configuration daemon CONFD. Their end result is similar, but the terms apply to slightly different configuration methods:

  • Mode: An “edit” is used to provide a hierarchical configuration option for the module instance.

  • Commands: A “set” is used to set the statement parameters and attributes for the module instance.

In a typical configuration session, you will use both methods.

Syntax

root@is-is-router:confd> edit instance red
[ instance red ]
root@is-is-router:confd> edit protocol isis
[ instance red protocol isis ]
Note You can execute the exit command to exit the current level of the statement hierarchy, returning to the level prior to the last edit command. To exit from the configuration mode, enter the end and exit commands.

1.2.2. IS-IS Instance

To enter into the IS-IS default instance mode, enter the following command:

root@rta:confd> edit instance protocol isis
[ instance protocol isis ]
root@rta:confd>

1.2.3. Interface

In this mode, you can configure the interface-specific IS-IS properties.

Example (Default Instance)

root@is-is-router:confd> edit interface twc-0/0/1/2/1
[ instance protocol isis interface twc-0/0/1/2/1 ]
root@rta:confd>

Example (VRF Instance)

root@is-is-router:confd> edit interface twc-0/0/1/2/1
[ instance red protocol isis interface twc-0/0/1/2/1 ]
root@rta:confd>

1.2.4. Level (IS-IS Interfaces)

The level mode enables you to configure the IS-IS operational characteristics of the interface at Level 1 and/or Level 2. Level 1 and Level 2 can be configured inside a logical interface. By default, an interface operates in both Level 1 and Level 2 modes.

  • Level 1: Specifies the IS-IS operational characteristics of the interface at level 1.

  • Level 2: Specifies the IS-IS operational characteristics of the interface at level 2.

Example (Default Instance)

root@is-is-router:confd> edit level-1
[ instance protocol isis interface twc-0/0/1/2/1 level-1 ]
root@is-is-router:confd> edit level-2
[ instance protocol isis interface twc-0/0/1/2/1 level-2 ]

Example (VRF Instance)

root@is-is-router:confd> edit level-1
[ instance red protocol isis interface twc-0/0/1/2/1 level-1 ]

root@is-is-router:confd> edit level-2
[ instance red protocol isis interface twc-0/0/1/2/1 level-2 ]

1.2.5. Redistribute

IS-IS determines support for route redistribution based on address family. The selected address family can redistribute local interface routes, static routes, routes learned by IS-IS, and so on.

The examples below show the route redistribution options:

Example (Default Instance)

root@isr1:confd> edit instance protocol isis address-family ipv4 unicast
[ instance protocol isis address-family ipv4 unicast ]
root@isr1:confd>

Example (VRF Instance)

root@ is-is-router:confd> edit instance vrf1
instance vrf1 ]
root@ is-is-router:confd> edit address-family ipv4 unicast
[ instance vrf1 address-family ipv4 unicast ]

1.3. IS-IS Instance Configuration Commands

This section describes the commands used to configure IS-IS in an instance.

1.3.1. IS-IS Instance

To enter into the IS-IS default instance mode configuration mode, enter the following command:

root@rta:confd> edit instance protocol isis
[ instance protocol isis ]
root@rta:confd>
Example
root@isr1:confd> edit instance protocol isis
[ instance protocol isis ]
root@isr1:confd>

root@isr1:confd> set
  address-family           Address family config
  area                     ISO area
  holding-time             ISIS neighbor hold time
  hostname                 ISIS System Host Name
  interface                Interface Configuration
  lsp                      LSP Flooding Related Configuration
  overload                 Set ISIS Overload bit in LSP
  system-id                ISO system id associated with the system
[ instance protocol isis ]
root@isr1:confd>

1.3.2. area

This command specifies the ISO area.

Syntax

set area <area>

Command arguments

<area>

The area can be represented in 1, 3, 5, 13 bytes format.

Example
root@rta:confd> edit instance protocol isis
root@rta:confd> set area 49.0001/24

1.3.3. holding-time

This command sets the adjacency expiry interval. This is a global setting for the instance.

Syntax

set holding-time < seconds>

Command arguments

<seconds>

Specifies the adjacency expiry and the hello interval time in seconds.

Default value: 30 seconds

Range: 1 through 65535 seconds

Note: You need to adjust the hold time configuration for stable operations.

Example
root@rta:confd> edit instance protocol isis
root@rta:confd> set holding-time 30000

1.3.4. lsp lifetime

This command sets the link-state PDU (LSP) lifetime, after which the LSP expires.

Syntax

set lsp lifetime <seconds>

Command arguments

<seconds>

Specifies the LSP lifetime in seconds.

Default value: 20 seconds

Range: 5 through 65535 seconds

Example
root@rta:confd> edit instance protocol isis
root@rta:confd> set lsp lifetime 30000

1.3.5. hostname

This command sets the IS-IS hostname of the node.

Syntax

set isis hostname <name>

Command arguments

<name>

Specifies the IS-IS hostname of the node.

Example
root@rta:confd> edit instance protocol isis
root@rta:confd> set hostname rta

1.3.6. overload

This command sets the IS-IS overload bit in a link-state PDU (LSP).

Syntax

set overload

Example
root@rta:confd> edit instance protocol isis
root@rta:confd> set overload

1.3.7. system-id

This command sets the ISO system ID.

Syntax

set system-id <system ID>

Command arguments

<system ID>

Six-byte value that identifies a system in an area.

Example
root@rta:confd> edit instance protocol isis
root@rta:confd> set system-id 1921.0000.1001

1.4. IS-IS Interface Configuration Commands

This section describes the IS-IS interface mode configuration commands.

1.4.1. interface-type

This command sets the interface type. You can execute this command from the Instance mode.

Syntax

set isis interface twc-0/0/1/1/1 interface-type <interface-type>

Command arguments

<interface-type>

Specifies the interface type.

Note: The point-to-point is the default interface type and hence you actually do not need to configure it.

Example
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1
[ instance protocol isis interface twc-0/0/1/2/1 ]
[ instance protocol isis interface twc-0/0/1/2/1 ]
root@isr1:confd> set interface-type point-to-point

1.4.2. passive

This command sets the interface in passive mode. In this mode, no IS-IS hello packets are sent out on the interface and no IS-IS adjacencies are created. But the IP prefixes will be mentioned in the self LSP to make the network reachable via other links. You can execute this command from the interface mode.

Syntax

set isis interface twc-0/0/1/1/1 passive

Example
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1
[ instance protocol isis interface twc-0/0/1/2/1 ]
root@isr1:confd> set passive

1.5. IS-IS Level (Interface) Configuration Commands

This section describes the IS-IS interface level configuration mode commands.

1.5.1. level-1 disable

This command disables level-1 adjacencies on an interface. By default, it is enabled. You can execute this command from the interface level mode.

Syntax

set isis interface twc-0/0/1/1/1 level-1 disable

Example
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1 level-1
[ instance protocol isis interface twc-0/0/1/2/1 level-1 ]
root@isr1:confd> set disable

1.5.2. level-2 disable

This command disables the level-2 adjacencies on an interface. By default, it is enabled. You can execute this command from the interface level mode.

Syntax

set isis interface twc-0/0/1/1/1 level-2 disable

Example
root@isr1:confd> edit instance protocol isis interface twc-0/0/1/2/1  level-2
[ instance protocol isis interface twc-0/0/1/2/1 level-2 ]
root@isr1:confd> set disable

1.5.3. level-1 metric

This command sets the interface level-1 metric value. If the metric value is not set, the default value is set to 1000000. You can execute this command from the interface level mode.

Syntax

set isis interface twc-0/0/1/1/1 level-1 metric <metric value>

Command arguments

<metric value>

This option sets the level-1 metric value.

Default Value: 1000000

Example
[ instance protocol isis interface twc-0/0/1/2/1 ]
root@isr1:confd> set level-1 metric 10

1.5.4. level-2 metric

This command sets the interface level-2 metric value. If the metric value is not set, the default value is set to 1000000. You can execute this command from the interface level mode.

Syntax

set isis interface twc-0/0/1/1/1 level-2 metric <metric value>

Command arguments

<metric value>

Specifies the level-2 metric value.

Default Value: 1000000

Example
[ instance protocol isis interface twc-0/0/1/2/1 ]
root@isr1:confd> set level-2 metric 10

1.6. IS-IS Redistribute Configuration Commands

This section describes the IS-IS redistribute configuration commands.

1.6.1. redistribute source

This command redistributes route from a selected source into a selected IS-IS level database. This configuration command can be executed from the redistribute or address family modes.

Syntax

set isis address-family ipv4 unicast redistribute source <source> into isis [level-1 | level-2]

Command arguments

<source>

Specifies the source from which the routes are to be redistributed from. The available options are bgp, ospf, direct, and static.

level-1 | level-2

Specifies the IS-IS level database into which the selected routes will be redistribute to.

Example
root@isr1:confd> edit instance protocol isis address-family ipv4 unicast
[ instance protocol isis address-family ipv4 unicast ]
root@isr1:confd> set r
  source                              Source to be distibuted
  [<Enter>]                           Execute the command
[ instance protocol isis address-family ipv4 unicast ]
root@isr1:confd> set redistribute sou
  bgp                                 <source>
  direct                              <source>
  ospf                                <source>
  static                              <source>
[ instance protocol isis address-family ipv4 unicast ]
root@isr1:confd> set redistribute source st
  level-1                             <dest-sub-type>
  level-2                             <dest-sub-type>
[ instance protocol isis address-family ipv4 unicast ]
root@isr1:confd> set redistribute source static into isis level-1

1.7. IS-IS Show Commands for IOD

Configuration statements can be shown to be working properly using show commands. IS-IS is implemented in two modules: IOD and APPD.

This section details the fields displayed by IS-IS show commands handled by the IOD module.

1.7.1. show isis neighbors

This command shows the summary of the IS-IS neighbors.

Syntax

show isis neighbors

show isis neighors instance <instance name>

Command arguments

<instance name>

Displays the neighbors in the specified instance. By default, the neighbors in the default instance are shown.

Example (default instance)
ubuntu@isr1:~$ rtb isis.iod.1 show isis neighbors
  ISIS neighbor information summary for the mentioned instance is given below:
  Instance: default
 Interface          System          Level State   Type  UP from              Expires in
 twc-0/0/1/2/1      1921.6800.1002  L1    Up      P2P   0d:1h:3m:32s         expires in 28s 38...
 twc-0/0/1/3/1      1921.6800.1003  L1    Up      P2P   0d:1h:2m:40s         expires in 20s 22...
ubuntu@isr1:~$
Output Fields
Name Description

Interface

Name of the interface on which the neighbor is identified

System

System ID of the neighbor

Level

Specifies the interface level (1, 2)

State

State of the IS-IS neighbor (Up, Down, etc.)

Type

Type of the adjacency on which neighbor is identified

UP from

The time for which session is in UP state

Expires in

Number of seconds until adjacency expires

Example (vrf instance)
ubuntu@bangalore:~$ rtb isis.iod.1 show isis neighbors instance isisvrf

  ISIS neighbor information summary for the mentioned instance is given below:

  Instance: isisvrf
 Interface          System          Level State   Type  UP from              Expires in
 ifl-0/0/2/1/1      1921.6800.1001  L1L2  Down    P2P   0d:0h:0m:0s          expires in 49710d...
 ifl-0/0/2/1/1      1921.6800.1002  L1L2  Up      P2P   0d:0h:3m:48s         expires in 24s 77...

1.7.2. show isis neighbors detail

This command shows the detailed information about the IS-IS neighbors.

Syntax

show isis neighbors detail

show isis neighors instance <instance name> detail

Command arguments

<instance name>

Displays the neighbors in the specified instance. By default, the neighbors in the default instance are shown.

Example
ubuntu@isr1:~$ rtb isis.iod.1 show isis neighbors detail

Neighbor System ID: 1921.6800.1002, Interface: twc-0/0/1/2/1
  State: Up, Level: L1, Adjacency type: P2P
  Holding time: 30, Expiry time: 24s 640162us
  Local IPv4 address: 12.1.1.1, Remote IPv4 address: 12.1.1.2
  Local IPv6 address: fe80::2:0:faff:febd:1020, Remote IPv6 address: fe80::2:0:faff:febd:2010
  Last Down Reason: Parameter change
  Neighbor Up Since: 0d:1h:5m:54s
  Last transition times:
    Last transition time: 2019-11-13T14:14:09.250134+0530

Neighbor System ID: 1921.6800.1003, Interface: twc-0/0/1/3/1
  State: Up, Level: L1, Adjacency type: P2P
  Holding time: 30, Expiry time: 20s 404566us
  Local IPv4 address: 13.1.1.1, Remote IPv4 address: 13.1.1.2
  Local IPv6 address: fe80::2:0:faff:febd:1030, Remote IPv6 address: fe80::2:0:faff:febd:3010
  Last Down Reason: Parameter change
  Neighbor Up Since: 0d:1h:5m:2s
  Last transition times:
    Last transition time: 2019-11-13T14:15:01.717950+0530
Output Fields
Name Description

Interface

Interface through which the neighbor is reachable

Neighbor System ID

System ID of the neighbor

Level

Level negotiated for neighbor

  • 1—Level 1 only

  • 2—Level 2 only

State

State of the IS-IS neighbor

Adjacency type

Adjacencies established on the interface. The value is P2P.

Type

Type of the adjacency on which neighbor is identified

Last Down Reason

Reason the adjacency is down

Neighbor Up Since

The time for which session is in UP state

Expiry time

The time after which the session expires

Holding time

The adjacency expiry interval configured

Local IPv4 address

Local IP address from matching subnet with neighbor

Remote IPv4 address

Remote IP address from matching subnet with neighbor

Local IPv6 address

Local IPv6 address from matching subnet with neighbor

Remote IPv6 address

Remote IPv6 address from matching subnet with neighbor

1.7.3. show isis interface

This command shows the summary of IS-IS interfaces.

Syntax

show isis interface

show isis interface instance <instance name>

Command arguments

<instance name>

Displays the neighbors in the specified instance. By default, the neighbors in the default instance is shown.

Example
ubuntu@isr1:~$ rtb isis.iod.1 show isis interface

  ISIS interface information summary for the mentioned instance is given below:

  Instance: default
 Interface          Level Adjacencies  Metric       Type             Passive
 twc-0/0/1/2/1      1     1            10           point-to-point   false
 twc-0/0/1/2/1      2     1            10           point-to-point   false
 twc-0/0/1/3/1      1     1            10           point-to-point   false
 twc-0/0/1/3/1      2     1            10           point-to-point   false
ubuntu@isr1:~$
Output Fields
Name Description

Interface

Interface configured for IS-IS

Level

Configured level of IS-IS

  • 1—Level 1 only

  • 2—Level 2 only

Adjacencies

Number of neighbors in UP state

Type

Type of the interface, that is, point-to-point

Metric

Metric configured on the interface

Passive

Interface passive state

1.7.4. show isis interface level

This command shows the detailed information of a specific IS-IS interface per level.

Syntax

show isis interface <interface name> level [level-1 | level-2]

Command arguments

<interface name>

Interface configured for IS-IS Level

Example
ubuntu@isr1:~$ rtb isis.iod.1 show isis interface twc-0/0/1/2/1 level-1
Interface: twc-0/0/1/2/1, Level: 1
  Adjacencies: 1, Metric: 10, Interface type: point-to-point
  Local Circuit ID: 1, Passive: false
  CSNP : In: 10                  , Out: 113                 , Fail: 0
  PSNP : In: 6                   , Out: 6                   , Fail: 0
  LSP  : In: 8                   , Out: 6                   , Fail: 0                   , Processed: 3                   , Purge In: 0
  IIH  : In: 413                 , Out: 416
ubuntu@isr1:~$ rtb isis.iod.1 show isis interface twc-0/0/1/2/1 level-2
Interface: twc-0/0/1/2/1, Level: 2
  Adjacencies: 1, Metric: 10, Interface type: point-to-point
  Local Circuit ID: 1, Passive: false
  CSNP : In: 46                  , Out: 113                 , Fail: 0
  PSNP : In: 4                   , Out: 9                   , Fail: 0
  LSP  : In: 12                  , Out: 4                   , Fail: 0                   , Processed: 10                  , Purge In: 0
  IIH  : In: 32                  , Out: 418
ubuntu@isr1:~$
Output Fields
Name Description

Interface

Name of the interface on which IS-IS is configured

Level

Configured level of IS-IS

  • 1—Level 1 only

  • 2—Level 2 only

Adjacencies

Number of neighbors in UP state

Interface type

Type of the interface - point-to-point

Metric

Metric configured on the interface

Passive

Interface passive state

CSNP In

Count of incoming CSNP packets on that interface for the specified level

CSNP Out

Count of outgoing CSNP packets on that interface for the specified level

CSNP Fail

Count of failed parse cases for CSNP packets on that interface for the specified level

PSNP In

Count of incoming PSNP packets on that interface for the specified level

PSNP Out

Count of outgoing PSNP packets on that interface for the specified level

PSNP Fail

Count of failed parse cases for Partial Sequence Number Packets (PSNP) on that interface for the specified level

LSP In

Count of incoming LSP packets on that interface for the specified level

LSP Out

Count of outgoing LSP packets on that interface for the specified Level

LSP Fail

Count of failed parse cases for LSP packets on that interface for the specified level

LSP Processed

Count of non-duplicate LSP packets processed on that interface for the specified level

LSP Purge In

Count of LSP purge packets processed on that interface for the specified level

IIH In

Count of incoming IS-IS Hello (IIH) packets on that interface for the specified level

IIH Out

Count of outgoing IIH packets on that interface for the specified level

1.7.5. show isis lsp database

This command shows the IS-IS LSP database summary for L1 and L2.

Syntax

show isis lsp database

show isis lsp database instance <instance name>

Command arguments

<instance name>

Displays the neighbors in the specified instance. By default, the neighbors in the default instance are displayed.

Example
ubuntu@isr1:~$ rtb isis.iod.1 show isis lsp database

  ISIS database summary for the mentioned instance is given below:

  Instance: default Level: 1
             ID            Level     Sequence    Checksum Lifetime          Expiry Status          Purged
    1921.6800.1001.00-00     1          7          52839    65535  expires in 17h 3m 57s 96564...
    1921.6800.1002.00-00     1          5          36037    65534  expires in 17h 3m 5s 685363us
    1921.6800.1003.00-00     1          5          41602    65534  expires in 17h 3m 57s 97062...

  ISIS database summary for the mentioned instance is given below:

  Instance: default Level: 2
             ID            Level     Sequence    Checksum Lifetime          Expiry Status          Purged
    1921.6800.1001.00-00     2          12         24073    65535    expires in 17h 4m 81219us
    1921.6800.1002.00-00     2          13         48990    65526  expires in 17h 3m 58s 87700...
    1921.6800.1003.00-00     2          13         11067    65526  expires in 17h 3m 58s 87703...
    1921.6800.1004.00-00     2          5          58170    65434  expires in 16h 57m 27s 4173...
    1921.6800.1005.00-00     2          5          26798    65494  expires in 16h 57m 27s 4105...
    1921.6800.1006.00-00     2          5          60451    65454  expires in 16h 57m 27s 4260...
ubuntu@isr1:~$
Output Fields
Name Description

ID

The LSP identifier

Level

Configured level of IS-IS

  • 1—Level 1 only

  • 2—Level 2 only

Sequence

Sequence number of LSP

Checksum

Checksum of the entire LSP packet

Lifetime

Link-state PDU lifetime, in seconds

Expiry Status

Time after which LSP expires

Purged

This field is set if the LSP is in purge holddown mode

1.7.6. show isis lsp database level

This command shows the IS-IS Link State Database (LSDB) summary for a specific level (level-1 or level-2).

Syntax

show isis lsp database [level-1 | level-2]

show isis lsp database [level-1 | level-2] instance <instance name>

Command arguments

level-1 | level-2

This option will select the level database to be displayed.

<instance name>

This option will list the neighbors in the specified instance. By default, the neighbors in the default instance is shown.

Example
ubuntu@isr1:~$ rtb isis.iod.1 show isis lsp database level-1

  ISIS database summary for the mentioned instance is given below:

  Instance: default Level: 1
             ID            Level     Sequence    Checksum Lifetime          Expiry Status          Purged
    1921.6800.1001.00-00     1          3          44687    65535  expires in 18h 4m 59s 88463us
    1921.6800.1002.00-00     1          3          17129    65534  expires in 18h 4m 58s 61250...
    1921.6800.1003.00-00     1          3          21971    65533  expires in 18h 4m 58s 23672...
ubuntu@isr1:~$
Output Fields
Name Description

ID

The LSP identifier

Level

Configured level of IS-IS

  • 1—Level 1 only

  • 2—Level 2 only

Sequence

Sequence number of LSP

Checksum

Checksum of the entire LSP packet

Lifetime

Link-state PDU lifetime, in seconds

Expiry status

Time after which LSP expires

1.7.7. show isis lsp database level detail

This command shows the actual content of the link state database.

Syntax

show isis lsp database [level-1 | level-2] detail

show isis lsp database [level-1 | level-2] detail instance <instance name>

Command arguments

level-1 | level-2

This option will select the level database to be displayed.

<instance name>

This option will list the neighbors in the specified instance. By default, the neighbors in the default instance is shown.

Example
ubuntu@isr1:~$ rtb isis.iod.1 show isis lsp database level-1 detail

LSP ID: 1921.6800.1001.00-00, Level: 1
  Sequence no: 3, Checksum: 44687, Remaining Lifetime: 65535
  Attached bit: 0, Overload bit: 0
  Last received time: 2019-11-18T17:31:37.083306+0530
  Expiry time: expires in 18h 8m 24s 123427us
    Supported Protocols:
      Protocol supported: IPv6
      Protocol supported: IPv4
    Neighbor List:
      Node ID: 1921.6800.1002.00, Metric: 10
    IPv4 Prefix List:
      Prefix: 12.1.1.0/24, Metric: 10
      Prefix: 1.1.1.1/32, Metric: 10
    IPv6 Prefix List:

LSP ID: 1921.6800.1002.00-00, Level: 1
  Sequence no: 3, Checksum: 17129, Remaining Lifetime: 65534
  Attached bit: 0, Overload bit: 0
  Last received time: 2019-11-18T17:31:37.607666+0530
  Expiry time: expires in 18h 8m 23s 647289us
    Supported Protocols:
      Protocol supported: IPv6
      Protocol supported: IPv4
    Neighbor List:
      Node ID: 1921.6800.1001.00, Metric: 10
      Node ID: 1921.6800.1003.00, Metric: 10
    IPv4 Prefix List:
      Prefix: 12.1.1.0/24, Metric: 10
      Prefix: 23.1.1.0/24, Metric: 10
      Prefix: 2.2.2.2/32, Metric: 10
    IPv6 Prefix List:

LSP ID: 1921.6800.1003.00-00, Level: 1
  Sequence no: 3, Checksum: 21971, Remaining Lifetime: 65533
  Attached bit: 0, Overload bit: 0
  Last received time: 2019-11-18T17:31:38.232094+0530
  Expiry time: expires in 18h 8m 23s 271164us
    Supported Protocols:
      Protocol supported: IPv6
      Protocol supported: IPv4
    Neighbor List:
      Node ID: 1921.6800.1002.00, Metric: 10
    IPv4 Prefix List:
      Prefix: 23.1.1.0/24, Metric: 10
      Prefix: 3.3.3.3/32, Metric: 10
    IPv6 Prefix List:
ubuntu@isr1:~$
Output Fields
Name Description

ID

The LSP identifier

Level

Configured level of IS-IS

  • 1—Level 1 only

  • 2—Level 2 only

Sequence

Sequence number of LSP

Checksum

Checksum of the entire LSP packet

Remaining Lifetime

Link-state PDU lifetime, in seconds

Expiry status

Time after which LSP expires

1.8. IS-IS Show Commands for APPD

This section details the fields displayed by IS-IS show commands handled by the APPD module.

1.8.1. show isis spf-results level

This command shows the IS-IS SPF results for a specific level and topology.

Syntax

show isis spf-results level [level-1 | level-2] topology [ipv4-unicast | ipv6-unicast]

show isis spf-results instance <instance name> level [level-1 | level-2] topology [ipv4- unicast | ipv6-unicast]

Command arguments

level-1 | level-2

Displays the configured level of IS-IS

  • 1—Level 1 only

  • 2—Level 2 only

<instance name>

Displays the neighbors in the specified instance. By default, the neighbors in the default instance is shown.

ipv4-unicast | ipv6-unicast

This option will select the topology

Example
ubuntu@isr1:~$ rtb isis.appd.1 show isis spf-results level level-1 topology ipv4-unicast
 Node                Metric     Nexthop
 1921.6800.1001.00   0          via local
 1921.6800.1002.00   10         12.1.1.2 via twc-0/0/1/2/1
 1921.6800.1003.00   10         13.1.1.2 via twc-0/0/1/3/1
ubuntu@isr1:~$
Output Fields
Name Description

Node

IS-IS Node ID

Metric

Metric value associated with the route

Nexthop

Displays the nexthop IP address

1.8.2. show isis routes

This command shows the IS-IS routes for the selected topology.

Syntax

show isis routes [ipv4-unicast | ipv6-unicast] summary

show isis routes [ipv4-unicast | ipv6-unicast] instance <instance name> summary

Command arguments

<instance name>

Displays the neighbors in the specified instance. By default, the neighbors in the default instance are displayed.

ipv4-unicast | ipv6-unicast

This option will select the topology.

Example
ubuntu@isr1:~$ rtb isis.appd.1 show isis routes ipv4-unicast summary
 Prefix               Metric     Source     Nexthop
 12.1.1.0/24          10         isis       via local
 13.1.1.0/24          10         isis       via local
 23.1.1.0/24          20         isis       12.1.1.2 via twc-0/0/1/2/1
 24.1.1.0/24          20         isis       12.1.1.2 via twc-0/0/1/2/1
 25.1.1.0/24          20         isis       12.1.1.2 via twc-0/0/1/2/1
 26.1.1.0/24          20         isis       12.1.1.2 via twc-0/0/1/2/1
 1.1.1.1/32           10         isis       via local
 2.2.2.2/32           20         isis       12.1.1.2 via twc-0/0/1/2/1
 3.3.3.3/32           20         isis       13.1.1.2 via twc-0/0/1/3/1
 4.4.4.4/32           30         isis       12.1.1.2 via twc-0/0/1/2/1
 5.5.5.5/32           30         isis       12.1.1.2 via twc-0/0/1/2/1
 6.6.6.6/32           30         isis       12.1.1.2 via twc-0/0/1/2/1
ubuntu@isr1:~$
Output Fields
Name Description

Prefix

The IPv4/IPv6 prefix and mask

Metric

Metric value associated with the route

Source

Source of the route. This value is always IS-IS.

Nexthop

Displays the nexthop IP address

2. Configuring IS-IS

2.1. Introduction

Segment Routing (SR) allows for a flexible definition of end-to-end paths within IGP topologies by encoding paths as sequences of topological sub-paths, called "segments". These “segments” need to be advertised by a routing protocol such as IS-IS. Prefix segments represent a shortest-path to a prefix (or a node), as per the state of the IGP topology. Adjacency segments represent a hop over a specific adjacency between two nodes in the IGP.

2.2. Supported Hardware

  • Edgecore AS5916-XKS

  • RBFS Virtual Service Router

2.3. Guidelines and Limitations

  • Support only Prefix SID with Node Flag, that is, SID can be configured only on Loopback interfaces.

  • Support only for configuration of single SRGB block.

2.4. Prerequisites

  • All the nodes in the network are SR enabled. So, if the intermediate router has no SR enabled, the previous SR-enabled router will not install SID for that node. So, the path can be incomplete.

2.5. System Overview

This section shows the interaction of this ISIS-SR feature with various daemons in RBFS. The figure below shows the interaction on with respect to this feature.

CONFD

Confd is RBFS configuration daemon. It stores ISIS SR configurations. ISIS IOD and ISIS APPD daemons subscribes for the following configuration:

  • ISIS SR enable/disable information.

  • Global SRGB configuration.

  • Segment Index for loopback interfaces.

HALD

ISIS IOD interacts with HALD to send and receive ISIS packets. All ISIS SR related information is sent and received from other routers through HALD.

FWDD

ISIS APPD interacts with FWDD to download the SR routes. FWDD subscribes labeled unicast table with ISIS APPD.

2.6. Configuring Segment Routing for IS-IS Protocol

Segment routing on the IS-IS control plane supports the following:

  • IPv4 control plane

  • Level 1 and level 2 routing

  • Prefix SIDs for host prefixes on loopback interfaces

To configure segment routing for the IS-IS protocol, perform the following steps:

  1. Enter into the IS-IS default instance mode, and enable IS-IS routing for the specified routing instance.

    root@is-is-router:confd> edit instance red
    [ instance red ]
    root@is-is-router:confd> edit protocol isis
    [ instance red protocol isis ]
  2. Enter into the IS-IS configuration mode.

    root@rtbrick:confd> edit instance protocol isis
    [ instance protocol isis ]
  3. Configure SRGB (base label and range).

    [ instance protocol isis ]
    set segment-routing srgb start-label <base-value> index-range <range-value>
  4. Configure index (either ipv4 or ipv6) on an interface.

    [ instance protocol isis ]
    set interface <ifl-name> segment-routing <ipv4 | ipv6> index <sid-value>

For more information about the configuration and show commands, see the chapters below.

2.7. Configuration Commands

2.7.1. Instance Level Commands

  • srgb start-label

2.7.1.1. srgb start-label

This command assigns a segment routing SRGB global block.

Syntax

set instance protocol isis segment-routing srgb start-label <base-value> index-range <range-value>

Command arguments

<base-value>

SRGB Start Label

<index-range>

SRGB range value

Command modes
[instance protocol isis]
Example

The following example shows how to configure SRGB with start-label 5000 and index-range 100. The start label of the label block is 5000 and the end of the label block is 5099.

Note The SRGB label values 0 to 15 are reserved.
[ ]
root@rtbrick:confd> edit instance protocol isis

[ instance protocol isis ]
root@rtbrick:confd> set segment-routing start-label 5000 index-range 100

To delete the operation that you performed, enter the following command:

delete instance isisvrf protocol isis segment-routing srgb

2.7.2. Interface Level Commands

  • segment-routing index

2.7.2.1. segment-routing index

This command assigns a label from the configured global SRGB range for address assigned to this interface.

Syntax

set instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> index <sid-value>

Command arguments

<ifl-name>

Interface name

<ipv4 | ipv6>

Specifies ipv4 or ipv6 address family

<sid-value>

Segment routing index from the SRGB range assigned to this interface

Command modes
[instance protocol isis]
[instance protocol isis interface <ifl-name>]
Example
[ ]
root@rtbrick:confd> edit instance protocol isis
[ instance protocol isis ]
root@rtbrick:confd> edit interface lo-0/0/0/1/0

[ instance protocol isis interface lo-0/0/0/1/0]
root@rtbrick:confd> set segment-routing ipv4 index 100

To delete the operation that you performed, enter the following command:

delete instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> index

2.8. IS-IS Anycast Configuration Commands

2.8.1. ISIS ipv4/ipv6 Anycast

This command configure ISIS Anycast index for IPv4/IPv6.

Syntax

set instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> anycast index <sid-value>

Command arguments

<ifl-name>

Interface name

<ipv4 | ipv6>

Specifies ipv4 or ipv6 address family

<sid-value>

IS-IS index range assigned to this interface

Command modes
[instance protocol isis]
[instance protocol isis interface <ifl-name>]
Example
[ ]
root@rtbrick:confd> edit instance protocol isis
[ instance protocol isis ]
root@rtbrick:confd> edit interface lo-0/0/0/1/0

[ instance protocol isis interface lo-0/0/0/1/0]
root@rtbrick:confd> set segment-routing ipv4 anycast index 100

To delete the operation that you performed, enter the following command:

delete instance protocol isis interface <ifl-name> segment-routing <ipv4 | ipv6> anycast index

2.9. Show Commands

  • show isis overview

  • show isis route

2.9.1. show isis overview

You can use this command to view the IS-IS SRGB-related information.

Syntax

show isis overview

Example
ubuntu@blr:~$ rtb isis.iod.1 show  isis overview
Instance: default
  System-ID: 1921.6800.1002, Areas: 49.0001/24
  SRGB start-label: 100, index-range: 100
  Neighbor Hold Time: 30000ms, LSP Lifetime Interval: 65535ms
  System OverLoad: false, System OverLoad Timeout: 60000ms
  Current Up Neighbors Count : 2, Neighbors Flap Count : 0
ubuntu@blr:~$

2.9.2. show isis route

This command displays all the labelled unicast (SR) prefixes for the IPv4 Address Family Identifiers (AFI).

Syntax

show isis route instance <instance-name> <afi> <safi>

Command arguments

<instance-name>

Name of the instance

<afi>

IPv4 Address Family Identifier (AFI)

<safi>

Subsequent address family identifier (unicast | labeled-unicast | multicast)

Command modes
rtb isis.appd
Example
ubuntu@blr:~/development/libisis$ rtb isis.appd.1 show isis route instance default ipv4 unicast
Table: default.isis.fib-local.ipv4.unicast
 Prefix                  Metric Nexthop
 12.1.1.0/24                 10 via local
 23.1.1.0/24                 10 via local
 2.2.2.2/32                  10 via local
ubuntu@blr:~/development/libisis$

2.9.3. show isis database

This command displays the entries in the IS-IS link-state database.

Syntax

show isis database <level 1|2> detail

show isis database instance <instance name>

Command arguments

<level 1|2>

Displays the IS-IS link-state database entries for the specified IS-IS level

<instance name>

Displays the IS-IS link-state database entries for the specified instance

Example
ubuntu@blr:~/development/libisis$ rtb isis.iod.1 show  isis database detail
 1921.6800.1001.00-00, Instance: default, Level: 1
  Sequence no: 0x3, Checksum: 0x8, Remaining Lifetime: 65534ms
  Attached bit: 0, Overload bit: 0
  Last received time: 2019-12-10T14:45:15.610799+0530
  Expiry time: expires in 17h 58m 4s 672416us
    Supported Protocols:
      Protocol supported: IPv6
      Protocol supported: IPv4
    Neighbor List:
      Node ID: 1921.6800.1002.00, Metric: 10
    IPv4 Prefix List:
      Prefix: 12.1.1.0/24, Metric: 10
      Prefix: 1.1.1.1/32, Metric: 10
    IPv6 Prefix List:
    SRGB List:
 1921.6800.1003.00-00, Instance: default, Level: 1
  Sequence no: 0x3, Checksum: 0xd, Remaining Lifetime: 65534ms
  Attached bit: 0, Overload bit: 0
  Last received time: 2019-12-10T14:45:15.610884+0530
  Expiry time: expires in 17h 58m 4s 671564us
    Supported Protocols:
      Protocol supported: IPv6
      Protocol supported: IPv4
    Neighbor List:
      Node ID: 1921.6800.1002.00, Metric: 10
    IPv4 Prefix List:
      Prefix: 23.1.1.0/24, Metric: 10
      Prefix: 3.3.3.3/32, Metric: 10
    IPv6 Prefix List:
    SRGB List:
 1921.6800.1002.00-00, Instance: default, Level: 1
  Sequence no: 0x5, Checksum: 0xb, Remaining Lifetime: 65535ms
  Attached bit: 0, Overload bit: 0
  Last received time: 2019-12-10T14:47:07.340859+0530
  Expiry time: expires in 17h 59m 57s 400741us
    Supported Protocols:
      Protocol supported: IPv6
      Protocol supported: IPv4
    Neighbor List:
      Node ID: 1921.6800.1001.00, Metric: 10
      Node ID: 1921.6800.1003.00, Metric: 10
    IPv4 Prefix List:
      Prefix: 12.1.1.0/24, Metric: 10
      Prefix: 23.1.1.0/24, Metric: 10
      Prefix: 2.2.2.2/32, Metric: 10, Segment-Index: 10, Flags: Node
    IPv6 Prefix List:
    SRGB List:
      SRGB start-label: 100, index-range: 100

3. Configuring Flood Filter for IS-IS Protocol

3.1. Introduction

IS-IS flood filtering reduces flooding that allows to match and filter on specific IS-IS systems IDs.

3.2. Topology

flood filter

3.3. Commands to configure ISIS Flood Filter

3.3.1. Global Config Command

Use these commands to filter flooding Globally.

Syntax
  • set isis flood-filter <flood_filter_name> ordinal <ordinal_number> ordinal-name <ordinal_name>

  • set isis flood-filter <flood_filter_name> ordinal <ordinal_number> match system-id <system_id>

  • set isis flood-filter <flood_filter_name> ordinal <ordinal_number> action <flood/block>

Command arguments

<flood_filter_name>

Filter-name which binds a flooding filter to an IS-IS interface

<ordinal_number>

Number to filter rule

<ordinal_name>

Name to filter rule

<system_id>

ID which matches ISIS system-ID

<flood/block>

Action required to flood or not

Command modes
[isis.flood-filter.ordinal]
Example
edit isis
edit flood-filter spine1_lsr1_flood_filter
edit ordinal 1
set ordinal-name spine1
set match system-id 1920.0100.4001
set action flood
exit
exit
exit

3.3.2. Interface-level Config Command

Use this command to filter flooding on interface level.

Syntax

set instance <instance_name> protocol isis interface <spine_lsr_ifl> flood-filter <flood_filter_name>

Command arguments

<instance_name>

configured Instance vrf name

<spine_lsr_ifl>

Interface name

<flood_filter_name>

Filter-name which binds a flooding filter to an IS-IS interface

Command modes
[instance.protocol.interface]
Example
edit instance ip2vrf
edit protocol isis
edit interface memif-0/1/6/16
set flood-filter spine1_lsr1_flood_filter
exit
exit
exit

3.4. Configuration Example

The following examples shows how to configure IS-IS Flood Filter on Spine1 and Spine2

Spine1:

rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 1 ordinal-name spine1
rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 1 match system-id 1920.0100.4001
rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 1 action flood

rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 2 ordinal-name spine2
rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 2 match system-id 1920.0100.4002
rtb confd set isis flood-filter spine1_lsr1_flood_filter ordinal 2 action flood

Spine2:

rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 1 ordinal-name spine1
rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 1 match system-id 1920.0100.4001
rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 1 action flood

rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 2 ordinal-name spine2
rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 2 match system-id 1920.0100.4002
rtb confd set isis flood-filter spine2_lsr2_flood_filter ordinal 2 action flood

3.5. Viewing the Configuration

The show running configuration command displays the current configuration:

show running-configuration

"isis": [
{
"flood-filter:spine1_lsr1_flood_filter": {
"ordinal:1": {
"ordinal-name": "spine1",
"match-sysid": "1920.0100.4001",
"action": "flood"
},
"ordinal:2": {
"ordinal-name": "spine2",
"match-sysid": "1920.0100.4002",
"action": "flood"
}
},
"protocol isis":
"isis interface:memif-0/1/6/16": {
"interface-type": "point-to-point",
"level2-disable": true,
"flood-filter-name": "spine1_lsr1_flood_filter"

4. Configuring IS-IS Authentication

The IS-IS protocol traffic can be authenticated to guarantee that only trusted routing devices participate in the autonomous system (AS) routing.

The authentication of ISIS Protocol Data Units (PDUs) can use Hashed Message Authentication Codes - Message Digest 5 (HMAC MD5) authentication or the Clear Text authentication. These authentication features enable you to verify the authenticity of the sender. These can also be used to detect any errors in the transmitted frames.

Currently RBFS supports the following two types of authentication:

Clear Text (Simple Text)

In this type of authentication, the password is encoded as a clear string and sent in the packet over the wire.

HMAC-MD5

This type of encoding scheme uses HMAC-MD5 hashes. By using MD5 hashes the password does not travel in clear text format over the circuit, instead a message digest is calculated from PDU and it is sent as a secret password. The HMAC-MD5 algorithm is documented in RFC 2104. It describes a one-way operation to get a hash based on a bit field and a shared secret password. This means that, it is based on the hash and the bit field, and therefore the password cannot be reconstructed.

Note By default, IS-IS authentication is disabled. It is enabled when you configure the authentication type and authentication key.

4.1. Configuring Authentication at Instance Level

4.1.1. Configuring Authentication Type

Enter the following command to configure the authentication type.

set instance [vrf-name] protocol isis <level> authentication type <algo>

Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<level>

level-1 or level-2

<algo>

Specifies the authentication algorithm - clear_text, md5 or sha1.

Example
set instance ip2vrf protocol isis level-1 authentication type clear_text
set instance ip2vrf protocol isis level-1 authentication type md5
set instance ip2vrf protocol isis level-1 authentication type sha1
4.1.1.1. Deleting Authentication Type

Enter the following command to delete an authentication type.

delete instance [vr-name] protocol isis <level> authentication type

4.1.2. Configuring Authentication Key

Enter the following command to configure the authentication key.

set instance [vrf-name] protocol isis <level> authentication key <value>

Note
  • The authentication key is a mandatory parameter.

  • The authentication key is used as transmit key and receive key. This attribute is applicable all authentication types (clear_text|md5|sha1).

Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<level>

level-1 or level-2

<value>

Identifies an authentication key. Prefix 0(zero) is used to store the key in hash.

Example
set instance ip2vrf protocol isis level-1 authentication key 0test123
4.1.2.1. Deleting Authentication Key

Enter the following command to delete an authentication key.

delete instance [vrf-name] protocol isis <level> authentication key

4.1.3. Configuring Authentication Key2

Enter the following command to configure the authentication key2.

set instance [vrf-name] protocol isis <level> authentication key2 <value>

Note The authentication key2 is an optional parameter. The authentication key2 is used as receive key if authentication key fails. This attribute is used for all authentication types (clear_text|md5|sha1).
Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<level>

level-1 or level-2

<value>

Identifies an authentication key. Prefix 0(zero) is used to store they key in hash.

Example
set instance ip2vrf protocol isis level-1 authentication key2 0test123
4.1.3.1. Deleting Authentication Key2

Enter the following command to delete an authentication key2.

delete instance [vrf-name] protocol isis <level> authentication key2 <value>

4.1.4. Configuring Authentication Key-id

Enter the following command to configure the authentication key-id.

set instance [vrf-name] protocol isis <level> authentication key-id <value>

Note The authentication key-id is an optional parameter. If the authentication key-id is not specified, it is set to 1 by default. This attribute is applicable for sha authentication type.
Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<level>

level-1 or level-2

<value> -

Identifies an authentication key

Example
 set instance ip2vrf protocol isis level-1 authentication key-id 10
4.1.4.1. Deleting Authentication Key-id

Enter the following command to delete an authentication key-id.

delete instance [vrf-name] protocol isis <level> authentication key-id

4.1.5. Configuring Authentication Key-id2

Enter the following command to configure the authentication key-id.

set instance [vrf-name] protocol isis <level> authentication key-id2 <value>

Note The authentication key-id2 is an optional parameter. If authentication key-id2 is not specified, it is set to 2 by default. This attribute is applicable for the sha authentication type.
Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<level>

level-1 or level-2

<value>

Identifies an authentication key

Example
set instance ip2vrf protocol isis level-1 authentication key-id2 20
4.1.5.1. Deleting Authentication Key-id2

Enter the following command to delete an authentication key-id2

delete instance [vrf-name] protocol isis <level> authentication key-id2

4.1.6. Configuring No Authentication Check

Enter the following command to configure the no authentication check.

set instance [vrf-name] protocol isis <level> authentication authentication-check disable

Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<level>

level-1 or level-2

Example
set instance ip2vrf protocol isis level-1 authentication authentication-check disable
4.1.6.1. Deleting the No Authentication Check Configuration

Enter the following command to delete the no authentication check configuration.

delete instance [vrf-name] protocol isis <level> authentication authentication-check disable

4.2. Configuring Authentication at Interface Level

4.2.1. Configuring No Hello Authentication

Enter the following command to configure the no hello authentication.

set instance [vrf-name] protocol isis interface <interface name> <level> hello-authentication disable

Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<interface name>

Name of the interface that you to configure

<level>

level-1 or level-2

Example
set instance ip2vrf protocol isis interface ifl-0/1/2/1 level-1 hello-authentication disable
4.2.1.1. Deleting No Hello Authentication Configuration

Enter the following command to delete the no hello authentication configuration.

delete instance [vrf-name] protocol isis interface <interface name> <level> hello-authentication disable

4.2.2. Configuring No Sequence Number PDU (SNP) Authentication

Enter the following command to configure the no SNP authentication.

set instance [vrf-name] protocol isis interface <interface name> <level> snp-authentication disable

Command Parameters
Parameter Description

[vrf-name]

Name of the routing and forwarding (VRF) instance

<interface name>

Name of the interface that you to configure

<level>

level-1 or level-2

Example
set instance ip2vrf protocol isis interface ifl-0/1/2/1 level-1 snp-authentication disable
4.2.2.1. Deleting No SNP Authentication Configuration

Enter the following command to delete the no SNP authentication configuration.

delete instance [vrf-name] protocol isis interface <interface name> <level> snp-authentication disable

5. IS-IS Theory of Operation

5.1. Adjacency

adjacency

5.2. LSP Generation

lsp gen

5.3. Route Calculation

route calculation

©Copyright 2020 RtBrick, Inc. All rights reserved. The information contained herein is subject to change without notice. The trademarks, logos and service marks ("Marks") displayed in this documentation are the property of RtBrick in the United States and other countries. Use of the Marks are subject to RtBrick’s Term of Use Policy, available at https://www.rtbrick.com/privacy. Use of marks belonging to other parties is for informational purposes only.